Thursday, July 6, 2017

Cisco ACS 5.8 patch

Will our report monitoring  tool hasn't  been working with  various browsers.

Will our cisco ACS need to be patched in order to get our monitor tool up and running.

1st step was to execute  backup on the primary ACS

My repository was named TAC

acs backup  TEXT01 repository  TAC JUN062017BACKUP

2nd we copy the  gpg patch ball into the host that has the repository TAC

scp ./5-8-0-32-7.tar.gpg  ken.felix@

from witin the  ciscoACS, we only need to execute the acs install patch against the repository and the name patch ball

CISCOACSSERVER01/adminacsuser# acs patch  install  5-8-0-32-7.tar.gpg repository  TAC
 md5: ae3c92ed519471319132dfdbe9982d1a
 sha256: 62bd5e42f22c9f7e4c65480ffef8b8b46ac073e50ce6e92ae6940665c8080174
% Please confirm above crypto hash matches what is posted on Cisco download site.
% Continue? Y/N [Y] ? Y
Installing ACS patch requires a restart of ACS services. Continue?  (yes/no) yes
Calculating disk size for /opt/CSCOacs/patches
Total size of patch files are 1763 M.
Max Size defined for patch files are 2000 M.
Stopping ACS.
Stopping Management and View............................................................./opt/CSCOacs/bin/acs-for-cars-cli: line 58: kill: (7633) - No such process
Stopping Runtime........
Stopping Database.......
Stopping Ntpd...
Stopping log forwarding .....
Installing patch version ''
Installing ADE-OS 2.0 patch.  Please wait...
About to install files
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Removing old war
Installing PBIS patch.  Please wait...
Installing TCP kernel patch.  Please wait...
nstalling new NSS.  Please wait...
This patch includes security fixes which requires ACS server reboot. It is highly recommended to proceed with reboot
Do you want to reboot the server ? Y/N : y
You have choosen to reboot the server, Rebooting ...

The system is going down for reboot NOW!
Patch '5-8-0-32-7' version '' successfully installed
Starting ACS ....

To verify that ACS processes are running, use the
'show application status acs' command.


Now sit back and wait for it to come back up ;)


login into the  ciscoACS and goto  > about and validate that the patch_level is correct

Finally ,

run thru the logs and  account and ensure AAAclients are authenticating.

remember to repeat the above on the secondary if you have dual ciscoACS.


No comments:

Post a Comment